IN THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1.-46. (cancelled) 

47. (currently amended) A method for secure in-band management of a network device 
that provides routing and forwarding services, the method comprising: 

configuring a virtual private network (VPN) for the network device; 

linking the VPN to a source of non-VPN management commands; 

using the VPN to carry the non-VPN management commands traffic from the 
source of the non-VPN management commands to the network device; and 

using the network device to forward the non-VPN management 
commandsfr ag&e to a management port of the network device through a VPN module. 

48. (previously presented) The method of claim 47 wherein the network device includes 
a routing and forwarding module and a management VPN module coupled to the routing 
and forwarding module. 

49. (previously presented) The method of claim 47 wherein the network device is one of 
a network switch, a network bridge, a network hub, and a network gateway. 
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50. (previously presented) The method of claim 47 wherein the network device can 
perform one of Internet Protocol (IP) services, Multiprotocol Label Switching (MPLS) 
services, and Asynchronous Transfer Mode (ATM) services. 

5 1 . (currently amended) The method of claim 47 wherein the source of the non-VPN 
management commands is one of a non-VPN management device and a non-VPN 
management function. 

52. (currently amended) A network device that provides routing and forwarding services 
for a data network, the network device comprising: 

a routing and forwarding module to forward data received from the data 
network on an input data link to an output data link in accordance with source and 
destination information contained in the data; 

a router configuration module to perform non-VPN management operations 
for the network device; 

a management port coupled to the router configuration module to receive the 
non-VPN m anagement commands for the router configuration module; and 

a management VPN module coupled to the routing and forwarding module 
and to the management port, the management VPN module to provide non-VPN 
management commands to the management port from a virtual private network (VPN) 
that us e s a tunn e ling protocol on th e data n e twork to d e liv e r , wherein the non-VPN 
management commands are delivered to the routing and forwarding module. 
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53. (previously presented) The network device of claim 52 wherein the network device 
is one of a network switch, a network bridge, a network hub, and a network gateway. 

54. (previously presented): 

The network device of claim 52 wherein the network device can perform one of 
Internet Protocol (IP) services, Multiprotocol Label Switching (MPLS) services, and 
Asynchronous Transfer Mode (ATM) services. 

55. (currently amended): 

The network device of claim 52 wherein the source of the non-VPN management 
commands is one of a non-VPN management device and a non-VPN management 
function. 

56. (currently amended): 

A network device that provides routing and forwarding services, the network device 
comprising: 

means for configuring a virtual private network (VPN) for the network device; 

means for linking the VPN to a source of non-VPN management commands; 

means for using the VPN to carry the non-VPN management commandsfr aiSe 
from the source of the non-VPN management commands to the network device; and 

means for using the network device to forward the non-VPN management 
commandstFaffie to a management port of the network device through a VPN module. 
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57. (currently amended): 

The network device of claim 56 wherein the means for using the network device to 
forward the non-VPN management commands tragSe to a management port of the 
network device through a VPN module includes a routing and forwarding module and 
a management VPN module coupled to the routing and forwarding module. 

58. (previously presented): 

The network device of claim 56 wherein the network device is one of a network 
switch, a network bridge, a network hub, and a network gateway. 

59. (previously presented): 

The network device of claim 56 wherein the network device can perform one of 
Internet Protocol (IP) services, Multiprotocol Label Switching (MPLS) services, and 
Asynchronous Transfer Mode (ATM) services. 

60. (currently amended): 

The network device of claim 56 wherein the source of the non-VPN management 
commands is one of a non-VPN management device and a non-VPN management 
function. 

61. (currently amended): 

A machine-readable medium providing instructions, which if executed by a processor, 
cause the processor to perform an operation comprising: 



Application No.: 09/738,807 



-5- 



Attorney Docket No.: 81862. P178 



configuring a virtual private network (VPN) for a network device; 

linking the VPN to a source of non-VPN management commands; 

using the VPN to carry the non-VPN management commandsteaffie from the 
source of the non-VPN management commands to the network device; and 

using the network device to forward the non-VPN management 
commandstraffie to a management port of the network device through a VPN module. 



62. (previously presented): 

The machine-readable medium of claim 61 wherein the network device includes a 
routing and forwarding module and a management VPN module coupled to the 
routing and forwarding module. 



63. (previously presented): 

The machine-readable medium of claim 61 wherein the network device is one of a 
network switch, a network bridge, a network hub, and a network gateway. 



64. (previously presented): 

The machine-readable medium of claim 61, further providing instructions, which if 
executed by the processor, further cause the processor to perform an operation 
comprising one of performing Internet Protocol (IP) services, performing 
Multiprotocol Label Switching (MPLS) services, and performing Asynchronous 
Transfer Mode (ATM) services. 
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65. (currently amended): 

The machine-readable medium of claim 61 wherein the source of the non-VPN 
management commands is one of a non-VPN management device and a non-VPN 
management function. 

66. (currently amended): 

A data network comprising: 

a plurality of network devices that provide routing and forwarding services for 
the data network; and 

a source of non-VPN management commands transmitted to the plurality of 
network devices using a virtual private network (VPN ) that us e s a tunn e ling protocol 
on th e data n e twork^ wherein each of the plurality of network devices includes^ 

a routing and forwarding module to forward data received from the 
data network on an input data link to an output data link in accordance with 
source and destination information contained in the data; 

a router configuration module to perform non-VPN management 
operations for the network device; 

a management port coupled to the router configuration module to 
receive non-VPN management commands for the router configuration module; 
and 

a management VPN module coupled to the routing and forwarding 
module and to the management port, the management VPN module to provide 
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non-VPN management commands to the management port from the source of 
the non-VPN management commands. 

67. (previously presented): 

The data network of claim 66 wherein each of the plurality of network devices is one 
of a network switch, a network bridge, a network hub, and a network gateway. 

68. (previously presented): 

The data network of claim 66 wherein the plurality of network devices can perform 
one of Internet Protocol (IP) services, Multiprotocol Label Switching (MPLS) 
services, and Asynchronous Transfer Mode (ATM) services. 

69. (currently amended): 

The data network of claim 66 wherein the source of the non-VPN management 
commands is one of a non-VPN management device and a non-VPN management 
function. 
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